About this publication
Best-Practice Framework for Third-Party OT access
3rd Party Access to Operational Technology in Critical Infrastructure
A Vendor-Neutral Best-Practice Guide for Increased Cybersecurity and Operational Resilience
June 2026
Part 1, Version 1.21
Published by BifrostConnect, Technical Review by Mikael Vingaard, ICSRange.
This document is Part 1 of a two-part publication. Part 2 (the BifrostConnect Implementation Guide, June 2026) is the implementation companion that maps each Part 1 control to a BifrostConnect deployment.
All citations are traceable to primary
sources listed at the end of this document – all three files must be distributed together; clause-level traceability depends on the source-verification companion.
Executive summary
Executive Summary of the Best-Practice Guide for third-party OT access
Third-party vendors with remote access into Operational Technology are now the most common entry path for the most consequential cybersecurity incidents in critical infrastructure. This guide describes the access pattern that closes the path, the standards that mandate it, and how a complete programme integrates it. This page is the two-minute version. The rest of the document is the evidence and the detail.
Threats assessed
What are the three threats this guide addresses regarding third-party OT access?
The three threats this guide addresses
Threat 1
Weaponised remote access
Legitimate remote-access channels weaponised by nation-state and criminal actors.
Volt Typhoon
Sandworm
CyberAv3ngers
Threat 2
Vendor laptop bypass
Vendor-laptop access into OT segments that bypass enterprise security stacks.
Colonial Pipeline
SektorCERT
May 2023 attacks
Public report Nov 2023
Threat 3
Standing privilege
Credentials and tunnels that exist whether anyone is using them or not, providing an always-on attack surface.